Re: [OAUTH-WG] SSO scenario

Brian Campbell <bcampbell@pingidentity.com> Wed, 31 August 2011 22:47 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 31 Aug 2011 16:48:20 -0600
To: Justin Karneges <justin@affinix.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Message-ID: <CA+k3eCT6ySsH1aucHbtPYZe6j_F4g4KF8Y6DN4HGbBxk+SMXpw@mail.gmail.com>
In-Reply-To: <201108311415.01737.justin@affinix.com>
References: <201108261604.57643.justin@affinix.com> <201108311358.07248.justin@affinix.com> <4E5EA236.9080904@aol.com> <201108311415.01737.justin@affinix.com>

JWT is definitely not at odds with OAuth.  I guess you could say JWT
is potentially complementary in a number of ways (they can be used
together but don't need to be).  Though I'm not aware
of any spec work around it, I suspect many will choose to use JWT as a
bearer access token format.  JWTs can also be used as an OAuth grant
type [1], which is based on similar functionality for SAML tokens [2].

[1] http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer
[2] http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer


On Wed, Aug 31, 2011 at 3:15 PM, Justin Karneges <justin@affinix.com> wrote:
> On Wednesday, August 31, 2011 02:05:58 PM George Fletcher wrote:
>> You could also use a signed JWT returned by the resource owner (web
>> site) to be presented to the resource server (widget provider) that the
>> resource server can validate (e.g. verify the signature). The JWT can
>> contain scopes, expiry time, etc as needed. If the widget provider needs
>> to access services at the resource owner, the JWT can contain an
>> appropriate access_token for the user.
>
> Interesting, I was not aware of JSON Web Tokens until now.  Is there a
> relationship to OAuth?  Are they at odds or serve different purposes?
>
> Justin